MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

13.3.09

Deception is the main technique scareware uses to frighten the user and get its installer executed. The pretexts used for the deception are many, some more prominent than others, and the effort put into designing more sophisticated strategies is increasingly evident.

In this case, the deception centers on a fake online scan of the computer that always finds infections and then offers the download of a supposed security tool that will solve the problems. All of it is completely false.

When the user first accesses the malicious page, an alert warns that the computer may have fallen victim to malicious code.

Next, a simulated scan of the computer is shown, rendered as a fake Windows Explorer window with an animated GIF progress bar, followed by a pop-up listing the names of the threats supposedly found on the system.

This image, which offers two options ("Remove all" and "Cancel"), is another layer of deception: no matter which area of the image is clicked, the effect is the same, the download of the malware installer. The file is called install.exe and its MD5 is 8eed59709de00e8862d6ce3d5e19cb4a.
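The click behaviour described above can be looked for in a saved copy of a suspect page. The following is an added example, not code from the original post: it assumes the image is either wrapped in a link or carries its own onclick handler, and the sample page, its file names and its paths are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EXEC_EXT = (".exe", ".scr", ".msi")  # download types treated as suspicious here

def is_executable(url):
    return urlparse(url or "").path.lower().endswith(EXEC_EXT)

class ImageLureFinder(HTMLParser):
    """Record images whose click target is an executable download."""
    def __init__(self):
        super().__init__()
        self.open_links = []  # href of each <a> currently open
        self.findings = []    # (image src, download target)

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a":
            self.open_links.append(attr.get("href") or "")
        elif tag == "img":
            targets = []
            if self.open_links:  # image wrapped in a link
                targets.append(self.open_links[-1])
            # quoted strings inside an onclick handler on the image itself
            targets += re.findall(r"""['"]([^'"]+)['"]""", attr.get("onclick") or "")
            for target in targets:
                if is_executable(target):
                    self.findings.append((attr.get("src") or "", target))

    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.open_links.pop()

def find_image_lures(html):
    finder = ImageLureFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (file names and paths are made up for illustration).
SAMPLE_PAGE = """
<img src="scan_progress.gif">
<a href="/download/install.exe"><img src="threats_found.png" alt="Remove all / Cancel"></a>
<a href="/help.html"><img src="logo.png"></a>
<img src="popup.png" onclick="window.location='http://example.invalid/install.exe'">
"""

if __name__ == "__main__":
    for src, target in find_image_lures(SAMPLE_PAGE):
        print(f"image {src!r} downloads {target!r} on any click")
```

A hit means the "Remove all" and "Cancel" choices drawn in the image are cosmetic, since the whole image resolves to a single download target.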

Some of the web addresses actively involved in this malicious activity are: